microdot 注入漏洞

Microdot is a minimalistic Python web framework developed by Miguel Grinberg. Versions of Microdot prior to 2.6.1 contained an injection vulnerability. This vulnerability stemmed from the Response.setcookie method not properly cleaning the string parameters, which could lead to header injection...

Medium: python-tornado

Issue Overview: In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters. CVE-2026-35536 Affected Packages: python-tornado Issue Correction: Run dnf update python-tornado...

EUVD-2026-18574

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

Tornado has cookie attribute injection via .RequestHandler.set_cookie

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

UBUNTU-CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

Parameter Injection

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Parameter Injection in the setcookie function in web.py‎. An attacker can manipulate cookie attributes by injecting values after ...

Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued

Impact Setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. Note This vulnerability does not affect session cookies. The following code does not issue a cookie with the secure flag even if you set $secure = true in Config\Cookie. php...